How to setup Two Factor Authentication in pgAdmin 4

January 15, 2023

Two-Factor Authentication (2FA) works by adding an additional layer of security to your online accounts. It requires an additional login credential - something you have - to gain account access, in addition to your password (something you know).

This feature is only available in Server Mode.

pgAdmin 4 supports two types of 2FA:

  1. Email Authentication

  2. Authenticator App (e.g: Google Authenticator)

Configure Two Factor Authentication

Configuring Two-factor Authentication for pgAdmin 4 requires editing config_local.py or config_system.py on the system where pgAdmin is installed in Server mode.

Read more at https://www.pgadmin.org/docs/pgadmin4/latest/config_py.html

You can copy the settings from the config.py file and modify the values for the following parameters:

Note: You can also force users to configure the two-factor authentication methods on login by setting MFA_FORCE_REGISTRATION parameter to True.

Setup Two Factor Authentication from pgAdmin 4 GUI

To setup Two factor authentication from pgAdmin 4 for a user you must click on Two-factor Authentication in the User menu in the right-top corner. It will list down all the supported multi-factor authentication methods.

Click the Setup button next to Email Authentication. Please follow the instructions provided:

Note: You must set the Mail server settings in config_local.py or config_system.py in order to use email as a two-factor authentication method. Read more about Mail server settings at https://www.pgadmin.org/docs/pgadmin4/latest/config_py.html

Setup using Authenticator App (e.g: Google Authenticator)

Click the Setup button next to the Authenticator App. Scan the QR code and enter the code from the authenticator app.

You will see the Delete button for the authentication method if it has already been configured. Clicking on the Delete button will deregister the authentication method for the current user.

Verifying the Configuration

Verify the setup by logging out and logging back in from the pgAdmin once the setup is complete. To authenticate, you can either use the Authenticator app or email authentication. It's not compulsory to set up both authentications, you can either set up one or the other.


Conclusion

Add an additional level of security to your pgAdmin accounts with the Two Factor Authentication feature in pgAdmin 4.

Share this

Relevant Blogs

pgAdmin User Management in Server Mode

pgAdmin can be deployed as a web application by configuring the app to run in server mode. One can check out server deployment on how to run pgAdmin in server...
August 24, 2023

pgAdmin CI/CD

Almost exactly three years ago I wrote a blog on my personal page entitled Testing pgAdmin which went into great detail discussing how we test pgAdmin prior to releases. Back...
August 24, 2023

More Blogs

Highlights from the PostgreSQL 16 Beta Release

The PostgreSQL Global Development Group released PostgreSQL 16 Beta 1 on May 25, 2023. PostgreSQL 16 improves logical replication by enabling replication from standbys as well as the ability to...
June 02, 2023